{"vulnerability": "CVE-2021-4355", "sightings": [{"uuid": "1fdb620b-b9e2-4c19-8858-a4508b523e78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43557", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8218", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable.\n\nhttps://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/", "creation_timestamp": "2021-11-25T22:41:13.000000Z"}, {"uuid": "f150fee4-ef79-44b7-bb88-d4802e45b1e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43557", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/483", "content": "#CVE-2021-43557 Apache APISIX Path traversal in request_uri variable\nhttps://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable\n\n#poc for CVE-2021-43557\nhttps://github.com/xvnpw/k8s-CVE-2021-43557-poc", "creation_timestamp": "2021-11-24T08:57:32.000000Z"}, {"uuid": "4122ffea-ec72-4ccd-8037-1323abf141a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4355", "type": "seen", "source": "https://t.me/arpsyndicate/204", "content": "#ExploitObserverAlert\n\nCVE-2021-4355\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-4355. The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.\n\nFIRST-EPSS: 0.000720000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-11-17T05:00:21.000000Z"}, {"uuid": "7d970082-66b8-47fa-ae62-3e44ddf517a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43557", "type": "published-proof-of-concept", "source": "Telegram/7lOg35W8EDhondHOu_l4LlZeIPa0pj8gOC8hBeOw9Gj5jg", "content": "", "creation_timestamp": "2021-11-23T22:38:07.000000Z"}, {"uuid": "15b5e50e-2481-484d-8b98-f53900835a42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43557", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1212", "content": "#exploit\nCVE-2021-43557:\nApache APISIX: Path traversal in request_uri variable\nhttps://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable\n]-> PoC:\nhttps://github.com/xvnpw/k8s-CVE-2021-43557-poc\n\n@BlueRedTeam", "creation_timestamp": "2021-11-24T08:06:07.000000Z"}, {"uuid": "4ffe1860-d7c4-4920-b549-968d0409251f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43550", "type": "seen", "source": "https://t.me/cibsecurity/34692", "content": "\u203c CVE-2021-43550 \u203c\n\nThe use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-27T22:23:22.000000Z"}, {"uuid": "35160e49-cc60-4d05-9eb8-8dfe3df4895f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43552", "type": "seen", "source": "https://t.me/cibsecurity/34690", "content": "\u203c CVE-2021-43552 \u203c\n\nThe use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-27T22:23:19.000000Z"}, {"uuid": "5f53b46a-d8b1-4464-b1ce-5ab8945168d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43551", "type": "seen", "source": "https://t.me/cibsecurity/32572", "content": "\u203c CVE-2021-43551 \u203c\n\nA remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim\u00e2\u20ac\u2122s user permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T22:21:04.000000Z"}, {"uuid": "e6fe8cfc-b2bd-491e-b60a-4d1da28ede97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43553", "type": "seen", "source": "https://t.me/cibsecurity/32545", "content": "\u203c CVE-2021-43553 \u203c\n\nPI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T22:14:50.000000Z"}, {"uuid": "c7417c46-e44b-4abf-8c14-58f757ff9308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43559", "type": "seen", "source": "https://t.me/cibsecurity/32788", "content": "\u203c CVE-2021-43559 \u203c\n\nA flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The \"delete related badge\" functionality did not include the necessary token check to prevent a CSRF risk.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-22T18:23:43.000000Z"}, {"uuid": "eb835334-80aa-45ac-89fa-4d964d30e1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43558", "type": "seen", "source": "https://t.me/cibsecurity/32793", "content": "\u203c CVE-2021-43558 \u203c\n\nA flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-22T18:23:53.000000Z"}, {"uuid": "c94db87d-a6ed-41cd-bfa1-29ca71293d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43555", "type": "seen", "source": "https://t.me/cibsecurity/32747", "content": "\u203c CVE-2021-43555 \u203c\n\nmySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:23.000000Z"}, {"uuid": "6e957f41-164d-47a8-a085-c698ebba02ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43557", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4822", "content": "#exploit\nCVE-2021-43557:\nApache APISIX: Path traversal in request_uri variable\nhttps://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable\n]-> PoC:\nhttps://github.com/xvnpw/k8s-CVE-2021-43557-poc", "creation_timestamp": "2021-11-24T11:03:01.000000Z"}]}